Azure AD - homepage value deleted when adjusting app's Required Permissions - azure-active-directory

I have created a registered app in Azure AD, and via the portal when I modify API Access\Required Permissions (add/change, for example), the Home Page URL back on the properties tab of the registered app is now blank. I’ve verified this by looking at the homepage field value in PowerShell. I can add the value back with no problem ... but I'm confused as to why this value disappears?

This is a known issue and Microsoft will have a fix deployed soon. Thank you for reporting.

Related

Blazor server - Azure AD auth - fine in dev, deployed to Azure App not working

I'm struggling with Azure AD authentication on my Blazor Server app, but only when deployed to an Azure App service.
My app is presenting the login screen, and appears to authenticate me.
Every page appears to result in just a single line
"You do not have permission to view this directory or page."
After login, I get that line.
I attempt to go to /counter, same line....
I do not get this after login when running from my IIS Express dev machine, after authentication, I get the index page, can nav to counter, fetch data, etc.
I take it there is something different between development environment and production.
I tried to deploy my debug configuration, same result.
I don't see where this "You do not have permission to view this directory or page." message is coming from, at all. I don't see it on any components or pages.
I'm using the V2 endpoints for MSAL, and again, they seem to work okay in development.
Do I need to add an attribute to my page or component? Do I need to set up a specific role somewhere in Azure App?
What should I have in startup.cs or program.cs?
Again, I've put my actual app aside and just spun up a new one with just the default counter and fetch data demo stuff, used VS to add Microsoft Identity, and ran through the config steps for it, all successfully. Run from the dev machine, it asks me to log in, I log in, it shows I'm logged in on the login control, etc. All looks fine. Hit deploy and spin up an App Service for it; it deploys without error, starts up, asks me to log in, I do, and I get the "You do not have permission" line.
Anyone else experience this?
If you are logging in using a user ID under Azure Active Directory (AAD), you have to modify the following in Settings:
Authentication / Authorization
App Service Authentication: "ON" =>> choose: Log in with Azure Active Directory
Select 'ActivityProvider', AAD.
Configured (Express: Existing App)
Manage Azure Active Directory: Manage Permission & Manage Application
For Manage Permission ==>> Add; in Delegated Permission, choose: Sign in and read user profile, then refresh your browser to log in again.
Also, check all your web app files through the Kudu console.
Follow this path:
<your_web_app_name>.azurewebsites.net > Debug Console (from top menu) > CMD/PowerShell > Site > wwwroot.
That should contain all your files.

Azure AD B2C Application Change in Manifest shows Internal Server Error

I recently registered a Keycloak application on my Azure AD B2C tenant. One of my colleagues accidentally deleted the registration, so I restored the application in the Azure portal. Later I tried changing the redirect URI, but the Azure portal doesn't allow me to do so and shows the error below:
"Failed to update KeyCloak application. Error detail: Encountered an internal server error."
I have tried to change the same in the Manifest and tried to upload the file; even that shows the same error.
Did my application restore make any difference here? If so, please suggest some checkpoints to solve this.
Note: The other applications in this tenant allow me to make the same changes; I have the issue only with this application registration.
A bug has been filed and the product team is working on it. In the meantime, as a workaround, please re-create another app if possible.
You could also try to change "SignInAudience" to "AzureADMultipleOrgs" (if it works); then you'll be able to modify reply URLs and switch "SignInAudience" back.

Google Cloud API: Can't create domain mapping with App Engine service account

I'm trying to use the googleapiclient Python SDK to create a domain mapping for my App Engine app. I'm using the "App Engine default service account" to authenticate, which works (I can get the list of domain mappings). However, when I try to create a mapping, I get the following error:
Caller is not authorized to administer the domain 'abc.[mydomain]'. If you own 'abc.[mydomain]', you can obtain authorization by verifying ownership of the domain, or any of its parent domains, via the Webmaster Central portal: https://www.google.com/webmasters/verification/verification?domain=abc.[mydomain]. We recommend verifying ownership of the largest scope you wish to use with subdomains (eg. verify 'example.com' if you wish to map 'subdomain.example.com').
The same call works in the API Explorer without any issues.
I tried giving the service account the Owner role in the IAM console, to no avail.
(I haven't tried running it from within App Engine; presumably that works, but I'd really like to be able to test this part of my app locally.)
Thanks to John Hanley for pointing me in the right direction.
Go to the Google Search Console and sign in
Navigate to "Settings" (towards the bottom of the menu)
Select "Users and Permissions"
Click the "more" (three vertical dots) button next to your email address, then "Manage property owners"
Choose your domain from the list
Click "Add an owner" at the bottom of the page

Azure AD redirects to wrong location (localhost) after authentication

I have code working in development that authorizes against Azure AD in a multi-tenant setup using the MSAL library (with the Microsoft Angular wrapper for MSAL).
This code all works as expected when I am running it against localhost:5001.
My configuration contains a redirectUri for https://localhost:5001 and my application in Azure AD has its "Redirect URI" value set to the same.
However, when I move this to production, it is continuing to try to redirect me to localhost:5001 on a successful AD authentication, even though I have changed my redirectUri in my configuration, as well as the Azure B2C application "Redirect URI", to now be the production site at:
https://[mysite].azurewebsites.net
Where is it still getting localhost:5001 from? I searched my code/configuration and this value does not exist. It is not currently in Azure AD for the Application. I have stopped and restarted my App Service to no avail.
The redirection it is trying to make is to:
https://localhost:5001/#id_token=eyJ0eXAiOiJKV1Qi ...
I was able to work around this issue by deleting the Azure AD App Registration and creating a new one from scratch with the proper endpoints.
For some reason, it was not "holding" the change when the endpoint URLs were edited and saved. It showed the correct endpoints in the Azure AD control panel for the App Registration, but it was still redirecting to localhost.
When I deleted and re-created, it properly forwarded the replies to the production site.
I am unsure at this time if this is an issue on Microsoft's side or not, but this conclusively resolved the issue.
Registering a new application solved this issue.
No need to delete and register a new application. Simply update the replyUrlsWithType attribute on the Azure Active Directory app manifest file to point to the new domain, url or location:
"replyUrlsWithType": [
    {
        "url": "https://localhost:4400/services/office365/redirectTarget.html",
        "type": "InstalledClient"
    }
],
See this link for more information: https://learn.microsoft.com/en-gb/azure/active-directory/develop/reference-app-manifest?WT.mc_id=Portal-Microsoft_AAD_RegisteredApps

AADSTS700054: response_type 'id_token' is not enabled for the application

Using adal.js v1.0.17 and Web API via JavaScript.
Running a custom tab within Microsoft Teams and getting this error when trying to authenticate.
Looked at the app registration within the Azure portal and haven't seen anything there that could help. Tried to edit the manifest file and change the value of oauth2AllowImplicitFlow to true but am still getting the error.
Found the solution.
Need to access the Azure portal using Chrome.
Go to Azure Active Directory and choose App Registrations (Preview).
Open up the app registration and choose Authentication on the left.
Under Advanced Settings, Implicit grant check the box "ID tokens".
That will add the property oauth2AllowIdTokenImplicitFlow to the manifest file with the value set to "true".
You can try enabling the 'ID Token' option.
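Both the stale-redirect answer (replyUrlsWithType) and the AADSTS700054 answer (the ID-token implicit-grant checkbox, which sets oauth2AllowIdTokenImplicitFlow) come down to fields in the app manifest that are easy to leave in the wrong state. The script below is an added example, not code from any of the answers above or from Microsoft: it audits a manifest for leftover loopback or plain-http reply URLs, checks that the redirect URI your client is configured with matches a registered entry by exact string comparison (a trailing slash or port difference is a mismatch), and reports which implicit-grant flags are set. The manifest is a constructed sample with a placeholder appId; the function names are assumptions of this example, and only the manifest keys already quoted on this page are relied on.

```python
"""Audit an Azure AD app-registration manifest for stale reply URLs and
implicit-grant flags. Added example; the manifest below is constructed."""
import json
from urllib.parse import urlparse

# Constructed sample manifest: only the keys this audit looks at, using the
# field names quoted in the answers above. The appId is a placeholder.
SAMPLE_MANIFEST = json.dumps({
    "appId": "00000000-0000-0000-0000-000000000000",
    "signInAudience": "AzureADMyOrg",
    "oauth2AllowImplicitFlow": True,          # access tokens via implicit grant
    "oauth2AllowIdTokenImplicitFlow": False,  # id_token NOT enabled -> AADSTS700054
    "replyUrlsWithType": [
        {"url": "https://localhost:5001", "type": "Web"},  # left over from dev
        {"url": "https://example-site.azurewebsites.net", "type": "Web"},
        {"url": "http://example-site.azurewebsites.net/signin", "type": "Web"},
    ],
})

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def find_stale_reply_urls(manifest):
    """Return reply URLs that should not survive in a production registration:
    loopback hosts (the localhost:5001 entry from the redirect question) and
    plain-http URLs, where the token or code would travel in cleartext."""
    stale = []
    for entry in manifest.get("replyUrlsWithType", []):
        url = entry.get("url", "")
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host in LOOPBACK_HOSTS or parsed.scheme != "https":
            stale.append(url)
    return stale


def remove_stale_reply_urls(manifest):
    """Return a copy of the manifest with the stale entries dropped; this is the
    manifest-edit fix described above, done on the JSON instead of in the portal."""
    stale = set(find_stale_reply_urls(manifest))
    cleaned = dict(manifest)
    cleaned["replyUrlsWithType"] = [
        entry for entry in manifest.get("replyUrlsWithType", [])
        if entry.get("url", "") not in stale
    ]
    return cleaned


def redirect_uri_is_registered(manifest, redirect_uri):
    """Exact string comparison of the client's configured redirectUri against
    the registered reply URLs (assumption of this example: a web redirect URI
    must match a registered entry character for character)."""
    return any(entry.get("url") == redirect_uri
               for entry in manifest.get("replyUrlsWithType", []))


def implicit_grant_status(manifest):
    """Report the two implicit-grant flags separately: oauth2AllowImplicitFlow
    covers access tokens only, so setting it (as in the question) does not
    make response_type=id_token acceptable; that needs
    oauth2AllowIdTokenImplicitFlow, which the 'ID tokens' checkbox sets."""
    return {
        "access_token_implicit": bool(manifest.get("oauth2AllowImplicitFlow", False)),
        "id_token_implicit": bool(manifest.get("oauth2AllowIdTokenImplicitFlow", False)),
    }


def audit(manifest_json, expected_redirect_uri):
    """Run all checks on a manifest JSON string and return a report dict."""
    manifest = json.loads(manifest_json)
    return {
        "stale_reply_urls": find_stale_reply_urls(manifest),
        "redirect_registered": redirect_uri_is_registered(manifest, expected_redirect_uri),
        "implicit": implicit_grant_status(manifest),
        "cleaned_reply_urls": [e["url"] for e in
                               remove_stale_reply_urls(manifest)["replyUrlsWithType"]],
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_MANIFEST, "https://example-site.azurewebsites.net"), indent=2))
```

Run it against a manifest downloaded from the portal's Manifest blade instead of SAMPLE_MANIFEST to see which entries the portal is still holding; the "cleaned_reply_urls" list is what you would upload back if you take the manifest-edit route rather than re-creating the registration.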
